Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain. Thorsten Holz, co-author of the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection, joins Phil and Scott to discuss the book and how the concept can assist in thwarting Internet malware.
Thorsten also discusses Honeyd, a virtual honeypot created by coauthor Niels Provos. He assesses how virtual honeypots can be used for both protection and analysis.
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general. He regularly blogs at http://www.honeyblog.org.
This free podcast is from our Technometria with Phil Windley series.